Create and manage API keys to enable secure programmatic access to your Devdraft account. Use these keys to integrate with external systems, automate workflows, and build custom applications.

​
What are API Keys?

API keys are secure credentials that allow external applications and services to access your Devdraft account programmatically. Each key consists of a public key identifier and a secret key that together authenticate API requests.
API Keys management dashboard showing created keys and controls - light modeAPI Keys management dashboard showing created keys and controls - dark mode

API Keys Management Dashboard

​
Quick Setup

Create your first API key in under 2 minutes:
1

Access API Keys

Navigate to App Settings → API Keys in your dashboard
2

Create New Key

Click Create API Key and provide a descriptive name
Create API Key interface with name and description fields - light modeCreate API Key interface with name and description fields - dark mode

Create API Key Interface

3

Set Permissions

Choose the access scopes and permissions for your key
4

Save Credentials

Copy and securely store your API key and secret

​
API Key Components

API Key (Public)

A public identifier that identifies your application to our servers

Secret Key (Private)

A private key used for authentication - keep this secure and never share publicly
Your secret key is only shown once during creation. Make sure to copy and store it securely before closing the creation dialog.

​
Creating API Keys

1

Start Key Creation

Navigate to App Settings → API Keys and locate the key creation area.
2

Configure Key Details

API Key Information:
  • Name: Descriptive name for identification
  • Description: Optional usage notes
  • Scope: Select appropriate access permissions
  • Expiration: Set key lifetime (optional)
3

Generate and Save

Click Generate API Key to create your credentials.
Copy both the API key and secret immediately - the secret is only shown once.

​
Managing Existing API Keys

​
Security Best Practices

Secure Storage

Store API keys in environment variables or secure configuration management systems

Least Privilege

Grant only the minimum permissions required for each key’s intended purpose

Regular Rotation

Rotate API keys periodically, especially for production applications

Monitor Usage

Regularly review API key activity and revoke unused or suspicious keys

​
API Key Security

1

Never Expose Keys Publicly

Keep Keys Private:
  • Never commit API keys to version control
  • Don’t include keys in client-side code
  • Avoid sharing keys in documentation or support tickets
  • Use environment variables for key storage
2

Implement Proper Access Controls

Scope Limitations:
  • Create separate keys for different applications
  • Use read-only keys when write access isn’t needed
  • Implement IP restrictions where possible
  • Monitor for unusual API activity
3

Respond to Security Incidents

Incident Response:
  • Immediately revoke compromised keys
  • Generate new credentials for affected applications
  • Review audit logs for unauthorized access
  • Update security procedures as needed

​
Integration Examples

curl -X GET "https://api.devdraft.ai/v1/transactions" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Secret-Key: YOUR_SECRET_KEY" \
  -H "Content-Type: application/json"
API keys are tied to your specific application and business account. Each key provides access only to data and operations within your account scope.